Confluence displays ALL attachments when the following URL is viewed

Description

i removed the space key from the URL for the normal space attachment viewing, and it displays all the attachments for all spaces in the install of Confluence, Irrispecitve of space and page level permission restrictions.

For Example:
http://confluence.atlassian.com/spaces/listattachmentsforspace.action

while this does not allow people to download the files, it does give people the name of the files, the location and the page they are attached to.

Could this be patched ASAP!

We will be blocking the URL through our Apache install for the moment until this is rectified.

All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please mail to content@vulners.com Vulners, 2018